DETAILED ACTION

1. This action is responsive to communications: application, filed 9/22/2003; 
amendment filed 3/26/2007. 

2. Claims 1-86 are pending in the case. 

Information Disclosure Statement PTO-1449 

3. The Information Disclosure Statements submitted by applicant on 1/16/2007 and 
4/17/2007 have been considered. Please see attached PTO-1449. 

Response to Arguments 

4. Double Patenting Rejection: 

Applicant argues: "Applicant respectfully traverses the obviousness-type double patenting
rejection of each of Claims 1, 10, 19, and 28. Claims 1, 3 and 5 of the 719 publication fails to 
suggest or disclose the interactions between a content repository, a user device and a target 
device as recited in each of Claims 1, 10, 19, and 28." However, applicant does not identify 
the specific interactions that are not being disclosed. The target device has no 
interaction with the content repository, or the user device. The claim requires the 
content provisioner to send the digital content. It does not even specify that the content
is to be sent to the target device. A reasonable assumption, however, is that the content 
is to be sent to the target device. Even if it is assumed that the data sent by the content 
provisioner is to be sent to the target device, claim 2 of the 719 publication makes the 
interactions obvious. Claim 2 of the 719 publication requires that the content is 
received, therefore, making such interaction obvious. 

Applicant further argues: "Further, Claims 1, 3 and 5 of the 719 publication fails to suggest or 
disclose 'one or more delivery parameters identifying a target device to receive said digital 
content.'" However, as mentioned above, claim 2 of the 719 publication requires content 
data to be received. Sending the content to a device requires that the device be 
identified. Therefore, delivery parameters identifying the target device is an obvious 
requirement when the data is to be delivered to another device. 

Based on the discussion above, applicant's argument relative to Double Patenting 
Rejection of claims 1-4, 10-13, 19-22, 28, and 30-32 is found non persuasive. 

5. Rejection under section 112, second paragraph: 



Rejection of claim 5 under section 112, second paragraph is hereby withdrawn due to 
applicant's amendment. Similar corrections to other claims are noted and appreciated.

6. Rejection under section 102(e):

Applicant argues: "Claim 1 recites: determining, by said content provisioner, one or more
delivery parameters, said one or more delivery parameters identifying a target device to receive 
said digital content 

Thus, Muntz must teach a content provisioner determining delivery parameters that identify a 
target device. Muntz fails to do this." However, Muntz client 105 is the target device (which 
receives the data and credentials) and the Administrative Server 104 (part of which is 
the Metadata Server 214) is the Content Provisioner. Per paragraph 19, metadata 
server sends the block list and the validation mechanism to the client 105. As indicated 
in Fig. 1 and paragraphs 12-14, client 105 and the metadata server are connected via 
network. To communicate via network, the metadata server is required to identify the 
client as recipient of data, otherwise a network connection to transmit data cannot be 
established. 

In addition, per paragraph 32, the client 105 and Metadata server authenticate each 
other. This explicitly shows that the Metadata server identifies the client 105. 

In addition, per paragraph 32, the token includes credentials, such as operation type(s) 
authorized for the client. The token is generated by the metadata server. If the token 
identifies the operations allowed by the client, it must also identify the client. Note that 
per parag. 13, client 105 may include computer or computer systems.

Based on the discussion above, Muntz teaches a content provisioner that identifies the
target device. 

Applicant further argues that the rejection failed to cite any teaching of a user device, a 
target device and a content provisioner interrelated as recited in the claims. However, 
the user device and the content provisioner were added to claim 1 in an amendment. 
The user device and the target device are equivalent to the client 105, and the content 
provisioner is equivalent to Administrative Server 104. Applicant does not identify any 
specific interrelation required by claims that is not taught by Muntz. Interrelations 
between said devices such as sending and receiving the content request, and the 
authenticated digital content request is reflected in the portions of Muntz cited in the 
claim rejections. 

Accordingly, applicant's argument relative to rejection under section 102(e) is found non 
persuasive. 

7. Rejection under section 103(a): 

With respect to claim 2, applicant argues: "For example, it has not been demonstrated how a 
block list as defined by Muntz would be included in a URL." However, a URL is used to
identify the location of data (block list) in a resource. The World Wide Web is a prime
example where URLs are used to identify location of an information resource. As
mentioned in the rejection, use of URLs as a mechanism to identify the location of
information is widely used. Therefore, inclusion of a URL in the requests would have
been obvious, because it serves the purpose of locating the resource containing the
block list.

Applicant further continues: "Similarly, the fact that a tokenized URL may be known fails to
teach or suggest anything with respect to:

determining a token pool associated with said digital content; 

determining a token in said token pool; and 

creating a tokenized URL based at least in part on said token." However, as mentioned in
rejection of claim 1, Muntz teaches tokens associated with digital content (see parag.
23). As mentioned above, use of URLs and Tokenized URLs to identify the
location of data in a resource was well known at the time of invention. Therefore, it
would have been obvious to create a tokenized URL in order to use it to identify the
location of data (token). Note once again that identifying the location of data is the
primary purpose of URLs and Tokenized URLs, as exemplified by their extended use in the
World Wide Web.

Applicant further argues: "Thus, each of these claims was reduced to a gist, a tokenized URL, 
and then official knowledge was used without consideration of the background of either Muntz 
or Applicant's Claims." However, the rejection and the discussion above explain how it is 
obvious to use a URL or a tokenized URL as mechanism to identify location of data.
Applicant fails to identify how the background of Muntz or the application is related to or 
is in conflict with use of a well known technique in identifying location of data. Therefore, 
applicant's argument relative to claim 2 is found non persuasive. 

With respect to claims 6-9, 15-18, 24-27, applicant argues: "The rejection stated "Examiner 
takes official notice that use of token to specify and communicate the parameters associated with 
content delivery encryption protocol was well known at the time of the invention." 
This official notice goes against the express teachings of Muntz, "Servers 214, 216 may 
negotiate the session key and the security parameters associated with it (e.g., algorithms, life 
time, etc.)." Muntz, paragraph [0028]. Negotiation of the keys teaches away from the 
conclusions in the official notice and demonstrates yet again that the rejection is not well 
founded, because Muntz taught that the official notice was not needed and not applicable." 
However, it is not clear how "Negotiation of keys" makes use of tokens to communicate 
encryption parameters not needed or not applicable. Applicant's argument fails to 
discuss any supporting reason to support the conclusion. There is no citation of any part 
of Muntz that inhibits use or application of tokens. It is not clear how negotiation of keys 
is against the use of tokens as a mechanism to exchange cryptographic parameters. 
Therefore, applicant's argument relative to claims 6-9, 15-18, 24-27 is non persuasive. 

With respect to claims 33, 50, 67 and 84, applicant further argues: "First, Muntz taught 
only that the authorization information was encrypted and the data was simply delivered. 
Muntz taught away from any need for encryption for delivery of the data." Again, it is not clear
how Muntz, as alleged by the applicant, teaches away from any need for encryption for 
delivery of data. There is no citation from Muntz that shows data should not be 
encrypted, or encryption of data causes Muntz system to not function properly. 

Applicant continues: "Second, Claim 33 recites in part: 

determining, by said content repository, a session key if said authenticated digital content request 
is valid, said determining comprising: 

determining a target key based at least in part on a target ID, said target ID identifying a target 
device; and 

applying a cryptographic process to a first key based at least in part on at least part of said 
authenticated digital content request together with said target key to create said session key; 
Thus, Claim 33 recites a specific process that is used to create the session key that utilizes a 
target key and a first key to create the session key. Consequently, even if the use of a session key 
were well known, such knowledge fails to teach or suggest the specific process recited in each of 
Claim 33, 50, 67 and 84 in combination with the other operations recited therein." However, the 
specific process mentioned in claim 33 is just a way of key generation by applying a 
cryptographic process to two parameters, a first key and a target ID. As indicated in
the official notice, generation of session keys based on a combination of other keys or 
parameters is well-known in the art. As an example, see section page 175 of the text 
book "Applied Cryptography" by B. Schneier, a copy of which is included with this 
action. Therefore, applicant's argument relative to claim 33, 50, 67, and 84 is found non
persuasive. 

With respect to claim 34, applicant argues that there is no motivation for combination. 
However, creation of a session key based on a master key and other parameters is 
popular because it allows generation of the key based on parameters available to the 
system, while it makes guessing or hacking the key difficult. See section 8.1 of "Applied
Cryptography" for details. 

With respect to claims 41 to 45, applicant argues that there is no citation of limitations, 
such as "incrementing a token redemption count" or "updating the offset entry". 
However, as the official notice shows, the additional limitations of claims 41 to 45 are all 
directed to the details of a token validation process, which are well known in the art. 
Applicant has not presented any argument that shows the mentioned limitations 
distinguish the invention from what the official notice considers prior art. Therefore, 
applicant's argument relative to claims 41-45 is non persuasive. 

Applicant's argument regarding other pending claims is based on their dependency or
similarity to the claims discussed above. Accordingly, applicant's argument relative to 
the other pending claims is non persuasive.

The Double Patenting rejection and rejection under sections 102(e) and 103(a) are as
follows: 

Double Patenting 

8. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. See, In re Goodman, 11
F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ
645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In
re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d
528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be
used to overcome an actual or provisional rejection based on a nonstatutory double
patenting ground provided the conflicting application or patent is shown to be commonly
owned with this application. See 37 CFR 1.130(b).

Effective January 1, 1994, a registered attorney or agent of record may sign a
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

9. Claims 1-4, 10-13, 19-22, 28, and 30-32 are rejected under the judicially created 
doctrine of obviousness-type double patenting as being unpatentable over claims 1, 2,
3, and 5 of U.S. Patent Application Publication No. 2004/0064717 (de Jong et al.).
Although the conflicting claims are not identical, they are not patentably distinct from 
each other because de Jong discloses: 

de Jong claim 1: A method for digital content access control, the method comprising: 
sending a digital content request comprising a request for digital content to a content 
provisioner capable of authenticating said request; receiving an authenticated digital 
content request in response to said digital content request; and sending said 
authenticated digital content request to a content repository that provides storage for 
said digital content. 

de Jong claim 2: The method of claim 1, further comprising receiving said digital
content in response to said authenticated digital content request. 

de Jong claim 3: The method of claim 1 wherein said digital content request comprises 
a Universal Resource Locator (URL); and said authenticated digital content request 
comprises a tokenized URL. 

de Jong claim 5: The method of claim 4 wherein said token is from a token pool 
associated with the location of digital content for which access is authorized.

Claims 1, 10, 19, and 28 of the instant application are obvious over claims 1 and 3
above, as they produce a method for digital content access control, comprising: 
receiving a digital content request comprising a request for digital content; creating an 
authenticated digital content request if a user associated with said digital content 
request is authorized to access said digital content; determining one or more delivery 
parameters, said one or more delivery parameters identifying a target device to receive 
said digital content; and sending said authenticated digital content request including 
said one or more delivery parameters. 

Claims 2, 3, 11, 12, 20-21, 30-31 of the instant application are obvious over claims 1, 3 
and 5 above, as they produce limitations of claim 1 and wherein said digital content 
request comprises a Universal Resource Locator (URL); said authenticated digital 
content request comprises a tokenized URL; and said creating further comprises: 
determining a token pool associated with said digital content; determining a token in 
said token pool; and creating a tokenized URL based at least in part on said token. 

Claims 4, 13, 22 and 32 of the instant application are obvious over claims 1, 3 and 5 
above, as they produce limitations of claim 1 and wherein said token is from a token 
pool associated with the location of digital content for which access is authorized. 

10. This obviousness-type double patenting is not a provisional rejection as the 
conflicting claims have in fact been patented.

Claim Rejections - 35 USC § 102

11. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

12. Claims 1, 10, 19 and 28 are rejected under 35 U.S.C. 102(e) as being anticipated by
Muntz et al. (US Patent Application Publication No. 2003/0208681, filed May 6, 2002). 

12.1. As per claims 1, 10, 19 and 28 Muntz is directed to a method for digital content 
access control, comprising: receiving a digital content request comprising a request for 
digital content (Fig. 5A and associated text, and in particular paragraph 39); creating an 
authenticated digital content request (Fig. 3 and associated text describes creation of a 
block list and a token identifying the resource to be accessed, the operations that could 
be performed on the resource and the user credentials) if a user associated with said 
digital content request is authorized to access said digital content (for example, 
paragraph 31); determining one or more delivery parameters, said one or more delivery 
parameters identifying a target device to receive said digital content (the block list and 
the token determine access parameters and credentials of the user and the client 
device); and sending said authenticated digital content request including said one or
more delivery parameters (paragraph 19). 

Claim Rejections - 35 USC § 103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

14. Claims 2-9, 11-18, 20-27 and 29-86 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Muntz et al. (US Patent Application Publication No. 
2003/0208681, filed May 6, 2002). 

14.1. As per claim 2, Muntz is directed to the method of claim 1 wherein said digital 
content request comprises a Universal Resource Locator (URL); said authenticated 
digital content request comprises a tokenized URL; and said creating further comprises: 
determining a token pool associated with said digital content; determining a token in 
said token pool; and creating a tokenized URL based at least in part on said token 
(Muntz teaches identification of the resource to be accessed using a token and a block 
list as identified in rejection of claim 1. Examiner takes the official notice that a common
and widely practiced mechanism to identify a resource and credentials needed to access
the resource is using URLs and tokenized URLs. It would have been obvious to a
person skilled in art to use a tokenized URL as a mechanism to implement Muntz block
list and token).

14.2. As per claim 3, Muntz is directed to the method of claim 2 wherein said tokenized 
URL further comprises a cryptogram based at least in part on an identifier that 
describes the location of said digital content (Muntz teaches creating an encryption of the
token and the block list in paragraph 39. Note that the token and/or the block list include 
information that identifies the resource, and therefore once encrypted, creates a 
cryptogram based on characteristics of the resource). 

14.3. As per claim 4, Muntz is directed to the method of claim 2 wherein said token is 
from a token pool associated with the location of digital content for which access is 
authorized (generation or selection of tokens from a token pool to identify and describe 
the resource to be accessed was well-known at the time of invention). 

14.4. As per claim 5, Muntz is directed to the method of claim 1, further comprising
synchronizing with said content repository if synchronization is enabled (paragraph 23 
teaches synchronization with the resource storage during authorization process). 

14.5. As per claim 6, Muntz is directed to the method of claim 1 wherein said one or 
more delivery parameters comprises a serial number uniquely identifying said target 
device (paragraph 23 shows the credentials of the user and the client device are part of
the authorization combination). 

14.6. As per claim 7, 8 and 9 Muntz is directed to the method of claim 1, which
describes a method for access control to digital data and determining whether the client 
is authorized to access data. After the access authorization is determined, the next step 
is secure delivery of digital content. Examiner takes the official notice that use of a token 
to specify and communicate the parameters associated with the content delivery 
encryption protocol, such as the cryptographic process and methods to derive keys for 
encryption and decryption was well-known at the time of invention. 

14.7. Limitations of claims 10-32 are substantially the same as limitations of claims 1-9 
above. 

14.8. As per claim 33, Muntz is directed to a method for digital content access control, 
comprising: receiving an authenticated digital content request including one or more 
delivery parameters (Fig. 3 item 216 and Fig. 5B and associated text shows reception of 
an authenticated digital content request by a block server), said authenticated digital 
content request based at least in part on a digital content request comprising a request 
for digital content (see response to claim 1); validating said authenticated digital content 
request, said validating comprising indicating said authenticated digital content request 
is valid if said authenticated digital content request is validly associated with said digital 
content and if said authenticated digital content request authenticates said digital
content request (paragraphs 27-29); determining a session key if said authenticated 
digital content request is valid (paragraph 28), said determining comprising: determining 
a target key based at least in part on a target ID, said target ID identifying a target 
device; and applying a cryptographic process to a first key based at least in part on at 
least part of said authenticated digital content request together with said target key to 
create said session key; encrypting said digital content using said session key; and 
sending said encrypted digital content (as mentioned in response to claim 1, creation of 
a session key to encrypt the digital content for secure delivery to a target device was 
well-known and commonly used at the time of invention). 

14.9. As per claims 33 and 34, creation of the session key based on another master
key and parameters identified in a token was well-known at the time of invention.

14.10. Limitations of claims 35-41 are substantially the same as limitations of claims 1-9 
and 33-35 above. 

14.11. As per claim 42-45 Muntz is directed to the method of claim 33 wherein said
validating further comprises: receiving a token; indicating said token is invalid if said
token is not associated with a partially redeemed or unredeemed offset within a token
offset window, said token offset window comprising one or more offset entries identified
by a base number and an offset from said base number, said one or more offset entries
associated with a token in a token pool formed by applying a cryptographic process to
the sum of said base number and said offset from said base number, together with a 
token chain key, said token pool associated with said digital content; and updating the 
offset entry associated with said token and indicating said received token is valid if said 
token is associated with a partially redeemed offset or unredeemed offset within said 
token offset window (Muntz is directed to limitations of claim 33 as discussed above. 
The additional limitations are directed to a method of checking the validity of a token 
selected from a token pool, wherein the token pool is associated with a digital content 
for controlling user access. Examiner takes the official notice that this method was well 
known in the art at the time of invention, and it would have been obvious to the person 
skilled in art to use the method to control and limit user access to digital data). 

14.12. Limitations of claims 46-86 are substantially the same as limitations of claims 1- 
45 above. 

Conclusion 

15. Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

Application/Control Number: 10/669,160
Art Unit: 2132

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the date of this final action.

16. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3739. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair-direct.uspto.gov.
Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 



Farid Homayounmehr 



6/21/2007 